Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9055 (GCVE-0-2025-9055)
Vulnerability from cvelistv5 – Published: 2025-11-11 07:31 – Updated: 2026-02-26 16:58
VLAI
EPSS
Summary
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
12.0.0 , < 12.7.31
(semver)
|
Credits
Malacupa
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T04:57:49.189814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:58:00.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "12.7.31",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.31",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Malacupa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u0026nbsp;administrator-privileged service account."
}
],
"value": "The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u00a0administrator-privileged service account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T07:31:00.808Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-9055",
"datePublished": "2025-11-11T07:31:00.808Z",
"dateReserved": "2025-08-15T06:07:25.330Z",
"dateUpdated": "2026-02-26T16:58:00.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9055",
"date": "2026-06-17",
"epss": "0.00101",
"percentile": "0.01118"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9055\",\"sourceIdentifier\":\"product-security@axis.com\",\"published\":\"2025-11-11T08:15:35.057\",\"lastModified\":\"2025-11-12T16:19:34.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u00a0administrator-privileged service account.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf\",\"source\":\"product-security@axis.com\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"AXIS OS\", \"vendor\": \"Axis Communications AB\", \"versions\": [{\"lessThan\": \"12.7.31\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:axis_communications_ab:axis_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7.31\", \"versionStartIncluding\": \"12.0.0\", \"vulnerable\": true}], \"negate\": false, \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Malacupa\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u0026nbsp;administrator-privileged service account.\"}], \"value\": \"The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\\u00a0administrator-privileged service account.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-250\", \"description\": \"CWE-250: Execution with Unnecessary Privileges\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"shortName\": \"Axis\", \"dateUpdated\": \"2025-11-11T07:31:00.808Z\"}, \"references\": [{\"url\": \"https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9055\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-12T04:57:49.189814Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-11T15:16:03.441Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9055\", \"assignerOrgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Axis\", \"dateReserved\": \"2025-08-15T06:07:25.330Z\", \"datePublished\": \"2025-11-11T07:31:00.808Z\", \"dateUpdated\": \"2026-02-26T16:58:00.969Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0951
Vulnerability from certfr_avis - Published: 2025-11-03 - Updated: 2025-11-03
De multiples vulnérabilités ont été découvertes dans Axis OS. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Axis OS versions 12.x ant\u00e9rieures \u00e0 12.7",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8108"
},
{
"name": "CVE-2025-8998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8998"
},
{
"name": "CVE-2025-9524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9524"
},
{
"name": "CVE-2025-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9055"
},
{
"name": "CVE-2025-11142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11142"
}
],
"initial_release_date": "2025-11-03T00:00:00",
"last_revision_date": "2025-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0951",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Axis OS. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Axis OS",
"vendor_advisories": [
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Axis",
"url": "https://help.axis.com/en-us/axis-os-release-notes#axis-os-12"
}
]
}
CERTFR-2025-AVI-0985
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans les produits Axis. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Axis | Axis OS | Axis OS (anciennement LTS) versions 6.x antérieures à 6.50.5.22 | ||
| Axis | Optimizer | Axis Optimizer versions antérieures à 5.6.0.0 | ||
| Axis | Axis OS | Axis OS LTS 2024 versions 11.x antérieures à 11.11.178 | ||
| Axis | Axis OS | Axis OS LTS 2022 versions 10.x antérieures à 10.12.306 | ||
| Axis | Axis OS | Axis OS (anciennement LTS) versions 8.x antérieures à 8.40.90 | ||
| Axis | Axis OS | Axis OS LTS 2020 versions 9.x antérieures à 9.80.124 | ||
| Axis | Axis OS | Axis OS Active Track versions 12.x antérieures à 12.7.33 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Axis OS (anciennement LTS) versions 6.x ant\u00e9rieures \u00e0 6.50.5.22",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis Optimizer versions ant\u00e9rieures \u00e0 5.6.0.0",
"product": {
"name": "Optimizer",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2024 versions 11.x ant\u00e9rieures \u00e0 11.11.178",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2022 versions 10.x ant\u00e9rieures \u00e0 10.12.306",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS (anciennement LTS) versions 8.x ant\u00e9rieures \u00e0 8.40.90",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2020 versions 9.x ant\u00e9rieures \u00e0 9.80.124",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS Active Track versions 12.x ant\u00e9rieures \u00e0 12.7.33",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5718"
},
{
"name": "CVE-2025-8108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8108"
},
{
"name": "CVE-2025-8998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8998"
},
{
"name": "CVE-2025-6571",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6571"
},
{
"name": "CVE-2025-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4645"
},
{
"name": "CVE-2025-9524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9524"
},
{
"name": "CVE-2025-5454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5454"
},
{
"name": "CVE-2025-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9055"
},
{
"name": "CVE-2025-5452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5452"
},
{
"name": "CVE-2025-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10714"
},
{
"name": "CVE-2025-6298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6298"
},
{
"name": "CVE-2025-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6779"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0985",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-10714pdf-en-US-504221",
"url": "https://www.axis.com/dam/public/a2/c7/8c/cve-2025-10714pdf-en-US-504221.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-9524pdf-en-US-504220",
"url": "https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-8998pdf-en-US-504374",
"url": "https://www.axis.com/dam/public/f5/62/80/cve-2025-8998pdf-en-US-504374.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6779pdf-en-US-504217",
"url": "https://www.axis.com/dam/public/92/9a/13/cve-2025-6779pdf-en-US-504217.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-4645pdf-en-US-504211",
"url": "https://www.axis.com/dam/public/69/47/ff/cve-2025-4645pdf-en-US-504211.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-9055pdf-en-US-504219",
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6298pdf-en-US-504215",
"url": "https://www.axis.com/dam/public/ef/91/c3/cve-2025-6298pdf-en-US-504215.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5718pdf-en-US-504214",
"url": "https://www.axis.com/dam/public/3c/a4/6a/cve-2025-5718pdf-en-US-504214.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5454pdf-en-US-504213",
"url": "https://www.axis.com/dam/public/48/ab/82/cve-2025-5454pdf-en-US-504213.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-8108pdf-en-US-504218",
"url": "https://www.axis.com/dam/public/38/20/aa/cve-2025-8108pdf-en-US-504218.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5452pdf-en-US-504212",
"url": "https://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf-en-US-504212.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6571pdf-en-US-504216",
"url": "https://www.axis.com/dam/public/1f/f8/f0/cve-2025-6571pdf-en-US-504216.pdf"
}
]
}
CERTFR-2025-AVI-0951
Vulnerability from certfr_avis - Published: 2025-11-03 - Updated: 2025-11-03
De multiples vulnérabilités ont été découvertes dans Axis OS. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Axis OS versions 12.x ant\u00e9rieures \u00e0 12.7",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8108"
},
{
"name": "CVE-2025-8998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8998"
},
{
"name": "CVE-2025-9524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9524"
},
{
"name": "CVE-2025-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9055"
},
{
"name": "CVE-2025-11142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11142"
}
],
"initial_release_date": "2025-11-03T00:00:00",
"last_revision_date": "2025-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0951",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Axis OS. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Axis OS",
"vendor_advisories": [
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Axis",
"url": "https://help.axis.com/en-us/axis-os-release-notes#axis-os-12"
}
]
}
CERTFR-2025-AVI-0985
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans les produits Axis. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Axis | Axis OS | Axis OS (anciennement LTS) versions 6.x antérieures à 6.50.5.22 | ||
| Axis | Optimizer | Axis Optimizer versions antérieures à 5.6.0.0 | ||
| Axis | Axis OS | Axis OS LTS 2024 versions 11.x antérieures à 11.11.178 | ||
| Axis | Axis OS | Axis OS LTS 2022 versions 10.x antérieures à 10.12.306 | ||
| Axis | Axis OS | Axis OS (anciennement LTS) versions 8.x antérieures à 8.40.90 | ||
| Axis | Axis OS | Axis OS LTS 2020 versions 9.x antérieures à 9.80.124 | ||
| Axis | Axis OS | Axis OS Active Track versions 12.x antérieures à 12.7.33 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Axis OS (anciennement LTS) versions 6.x ant\u00e9rieures \u00e0 6.50.5.22",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis Optimizer versions ant\u00e9rieures \u00e0 5.6.0.0",
"product": {
"name": "Optimizer",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2024 versions 11.x ant\u00e9rieures \u00e0 11.11.178",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2022 versions 10.x ant\u00e9rieures \u00e0 10.12.306",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS (anciennement LTS) versions 8.x ant\u00e9rieures \u00e0 8.40.90",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS LTS 2020 versions 9.x ant\u00e9rieures \u00e0 9.80.124",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
},
{
"description": "Axis OS Active Track versions 12.x ant\u00e9rieures \u00e0 12.7.33",
"product": {
"name": "Axis OS",
"vendor": {
"name": "Axis",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5718"
},
{
"name": "CVE-2025-8108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8108"
},
{
"name": "CVE-2025-8998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8998"
},
{
"name": "CVE-2025-6571",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6571"
},
{
"name": "CVE-2025-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4645"
},
{
"name": "CVE-2025-9524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9524"
},
{
"name": "CVE-2025-5454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5454"
},
{
"name": "CVE-2025-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9055"
},
{
"name": "CVE-2025-5452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5452"
},
{
"name": "CVE-2025-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10714"
},
{
"name": "CVE-2025-6298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6298"
},
{
"name": "CVE-2025-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6779"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0985",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-10714pdf-en-US-504221",
"url": "https://www.axis.com/dam/public/a2/c7/8c/cve-2025-10714pdf-en-US-504221.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-9524pdf-en-US-504220",
"url": "https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-8998pdf-en-US-504374",
"url": "https://www.axis.com/dam/public/f5/62/80/cve-2025-8998pdf-en-US-504374.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6779pdf-en-US-504217",
"url": "https://www.axis.com/dam/public/92/9a/13/cve-2025-6779pdf-en-US-504217.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-4645pdf-en-US-504211",
"url": "https://www.axis.com/dam/public/69/47/ff/cve-2025-4645pdf-en-US-504211.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-9055pdf-en-US-504219",
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6298pdf-en-US-504215",
"url": "https://www.axis.com/dam/public/ef/91/c3/cve-2025-6298pdf-en-US-504215.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5718pdf-en-US-504214",
"url": "https://www.axis.com/dam/public/3c/a4/6a/cve-2025-5718pdf-en-US-504214.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5454pdf-en-US-504213",
"url": "https://www.axis.com/dam/public/48/ab/82/cve-2025-5454pdf-en-US-504213.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-8108pdf-en-US-504218",
"url": "https://www.axis.com/dam/public/38/20/aa/cve-2025-8108pdf-en-US-504218.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-5452pdf-en-US-504212",
"url": "https://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf-en-US-504212.pdf"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2025-6571pdf-en-US-504216",
"url": "https://www.axis.com/dam/public/1f/f8/f0/cve-2025-6571pdf-en-US-504216.pdf"
}
]
}
FKIE_CVE-2025-9055
Vulnerability from fkie_nvd - Published: 2025-11-11 08:15 - Updated: 2026-06-17 10:08
Severity
Summary
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "12.7.31",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
}
]
}
],
"source": "product-security@axis.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u00a0administrator-privileged service account."
}
],
"id": "CVE-2025-9055",
"lastModified": "2026-06-17T10:08:14.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "product-security@axis.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-9055",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T04:57:49.189814Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-11-11T08:15:35.057",
"references": [
{
"source": "product-security@axis.com",
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
GHSA-RFX4-QXJ5-WP67
Vulnerability from github – Published: 2025-11-11 09:30 – Updated: 2025-11-11 09:30
VLAI
Details
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.
Severity
6.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-9055"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T08:15:35Z",
"severity": "MODERATE"
},
"details": "The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an\u00a0administrator-privileged service account.",
"id": "GHSA-rfx4-qxj5-wp67",
"modified": "2025-11-11T09:30:30Z",
"published": "2025-11-11T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9055"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2025-2546
Vulnerability from csaf_certbund - Published: 2025-11-10 23:00 - Updated: 2025-11-12 23:00Summary
Axis Axis OS: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Axis OS ist ein Linux-basiertes Betriebssystem, das in Netzwerkvideoprodukten von Axis Communications verwendet wird.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Axis Axis OS ausnutzen, um beliebigen Programmcode auszuführen, erweiterte Berechtigungen (sogar Administratorrechte) zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.7
Axis / Axis OS
|
Active Track <12.6.7 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.69
Axis / Axis OS
|
Active Track <12.6.69 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.18
Axis / Axis OS
|
Active Track <12.6.18 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.30
Axis / Axis OS
|
Active Track <12.6.30 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.28
Axis / Axis OS
|
Active Track <12.6.28 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS LTS 2024 <11.11.169
Axis / Axis OS
|
LTS 2024 <11.11.169 | ||
|
Axis Axis OS Active Track <12.6.66
Axis / Axis OS
|
Active Track <12.6.66 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.6.40
Axis / Axis OS
|
Active Track <12.6.40 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.7.33
Axis / Axis OS
|
Active Track <12.7.33 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS (Former LTS) <6.50.5.22
Axis / Axis OS
|
(Former LTS) <6.50.5.22 | ||
|
Axis Axis OS (Former LTS) <8.40.90
Axis / Axis OS
|
(Former LTS) <8.40.90 | ||
|
Axis Axis OS LTS 2020 <9.80.124
Axis / Axis OS
|
LTS 2020 <9.80.124 | ||
|
Axis Axis OS LTS 2022 <10.12.306
Axis / Axis OS
|
LTS 2022 <10.12.306 | ||
|
Axis Axis OS LTS 2024 <11.11.178
Axis / Axis OS
|
LTS 2024 <11.11.178 | ||
|
Axis Axis OS Active Track <12.7.27
Axis / Axis OS
|
Active Track <12.7.27 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.7.31
Axis / Axis OS
|
Active Track <12.7.31 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Axis Axis OS Active Track <12.7.11
Axis / Axis OS
|
Active Track <12.7.11 | ||
|
Axis Axis OS LTS 2020 <9.80.123
Axis / Axis OS
|
LTS 2020 <9.80.123 | ||
|
Axis Axis OS LTS 2024 <11.11.177
Axis / Axis OS
|
LTS 2024 <11.11.177 | ||
|
Axis Axis OS (Former LTS) <6.50.5.21
Axis / Axis OS
|
(Former LTS) <6.50.5.21 | ||
|
Axis Axis OS (Former LTS) <8.40.89
Axis / Axis OS
|
(Former LTS) <8.40.89 | ||
|
Axis Axis OS LTS 2022 <10.12.305
Axis / Axis OS
|
LTS 2022 <10.12.305 |
References
13 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.axis.com/dam/public/1f/f8/f0/cve-2025… | external |
| https://www.axis.com/dam/public/23/a3/00/cve-2025… | external |
| https://www.axis.com/dam/public/39/ba/8b/cve-2025… | external |
| https://www.axis.com/dam/public/3c/a4/6a/cve-2025… | external |
| https://www.axis.com/dam/public/48/ab/82/cve-2025… | external |
| https://www.axis.com/dam/public/69/47/ff/cve-2025… | external |
| https://www.axis.com/dam/public/92/9a/13/cve-2025… | external |
| https://www.axis.com/dam/public/a2/c7/8c/cve-2025… | external |
| https://www.axis.com/dam/public/ef/91/c3/cve-2025… | external |
| https://www.axis.com/dam/public/f1/f0/1e/cve-2025… | external |
| https://www.axis.com/dam/public/f5/62/80/cve-2025… | external |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Axis OS ist ein Linux-basiertes Betriebssystem, das in Netzwerkvideoprodukten von Axis Communications verwendet wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Axis Axis OS ausnutzen, um beliebigen Programmcode auszuf\u00fchren, erweiterte Berechtigungen (sogar Administratorrechte) zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2546 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2546.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2546 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2546"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/1f/f8/f0/cve-2025-6571pdf-en-US-504216.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf-en-US-504212.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/3c/a4/6a/cve-2025-5718pdf-en-US-504214.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/48/ab/82/cve-2025-5454pdf-en-US-504213.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/69/47/ff/cve-2025-4645pdf-en-US-504211.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/92/9a/13/cve-2025-6779pdf-en-US-504217.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/a2/c7/8c/cve-2025-10714pdf-en-US-504221.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/ef/91/c3/cve-2025-6298pdf-en-US-504215.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf"
},
{
"category": "external",
"summary": "Axix Security Advisories vom 2025-11-10",
"url": "https://www.axis.com/dam/public/f5/62/80/cve-2025-8998pdf-en-US-504374.pdf"
}
],
"source_lang": "en-US",
"title": "Axis Axis OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-12T23:00:00.000+00:00",
"generator": {
"date": "2025-11-13T10:07:43.483+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2546",
"initial_release_date": "2025-11-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-74045, EUVD-2025-74041, EUVD-2025-74040, EUVD-2025-74035, EUVD-2025-74046, EUVD-2025-74042, EUVD-2025-74043, EUVD-2025-74044"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2025-74036"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.66",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.66",
"product_id": "T048438"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.66",
"product": {
"name": "Axis Axis OS Active Track 12.6.66",
"product_id": "T048438-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.66"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2024 \u003c11.11.169",
"product": {
"name": "Axis Axis OS LTS 2024 \u003c11.11.169",
"product_id": "T048439"
}
},
{
"category": "product_version",
"name": "LTS 2024 11.11.169",
"product": {
"name": "Axis Axis OS LTS 2024 11.11.169",
"product_id": "T048439-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2024__11.11.169"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.7.31",
"product": {
"name": "Axis Axis OS Active Track \u003c12.7.31",
"product_id": "T048440"
}
},
{
"category": "product_version",
"name": "Active Track 12.7.31",
"product": {
"name": "Axis Axis OS Active Track 12.7.31",
"product_id": "T048440-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.7.31"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.7.33",
"product": {
"name": "Axis Axis OS Active Track \u003c12.7.33",
"product_id": "T048441"
}
},
{
"category": "product_version",
"name": "Active Track 12.7.33",
"product": {
"name": "Axis Axis OS Active Track 12.7.33",
"product_id": "T048441-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.7.33"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.69",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.69",
"product_id": "T048442"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.69",
"product": {
"name": "Axis Axis OS Active Track 12.6.69",
"product_id": "T048442-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.69"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.30",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.30",
"product_id": "T048443"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.30",
"product": {
"name": "Axis Axis OS Active Track 12.6.30",
"product_id": "T048443-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.30"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.18",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.18",
"product_id": "T048444"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.18",
"product": {
"name": "Axis Axis OS Active Track 12.6.18",
"product_id": "T048444-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.18"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.7",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.7",
"product_id": "T048445"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.7",
"product": {
"name": "Axis Axis OS Active Track 12.6.7",
"product_id": "T048445-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.7"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.40",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.40",
"product_id": "T048446"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.40",
"product": {
"name": "Axis Axis OS Active Track 12.6.40",
"product_id": "T048446-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.40"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.6.28",
"product": {
"name": "Axis Axis OS Active Track \u003c12.6.28",
"product_id": "T048447"
}
},
{
"category": "product_version",
"name": "Active Track 12.6.28",
"product": {
"name": "Axis Axis OS Active Track 12.6.28",
"product_id": "T048447-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.6.28"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.7.11",
"product": {
"name": "Axis Axis OS Active Track \u003c12.7.11",
"product_id": "T048448"
}
},
{
"category": "product_version",
"name": "Active Track 12.7.11",
"product": {
"name": "Axis Axis OS Active Track 12.7.11",
"product_id": "T048448-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.7.11"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2024 \u003c11.11.177",
"product": {
"name": "Axis Axis OS LTS 2024 \u003c11.11.177",
"product_id": "T048450"
}
},
{
"category": "product_version",
"name": "LTS 2024 11.11.177",
"product": {
"name": "Axis Axis OS LTS 2024 11.11.177",
"product_id": "T048450-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2024__11.11.177"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2022 \u003c10.12.305",
"product": {
"name": "Axis Axis OS LTS 2022 \u003c10.12.305",
"product_id": "T048451"
}
},
{
"category": "product_version",
"name": "LTS 2022 10.12.305",
"product": {
"name": "Axis Axis OS LTS 2022 10.12.305",
"product_id": "T048451-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2022__10.12.305"
}
}
},
{
"category": "product_version_range",
"name": "(Former LTS) \u003c8.40.89",
"product": {
"name": "Axis Axis OS (Former LTS) \u003c8.40.89",
"product_id": "T048453"
}
},
{
"category": "product_version",
"name": "(Former LTS) 8.40.89",
"product": {
"name": "Axis Axis OS (Former LTS) 8.40.89",
"product_id": "T048453-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:%2528former_lts%2529__8.40.89"
}
}
},
{
"category": "product_version_range",
"name": "(Former LTS) \u003c6.50.5.21",
"product": {
"name": "Axis Axis OS (Former LTS) \u003c6.50.5.21",
"product_id": "T048454"
}
},
{
"category": "product_version",
"name": "(Former LTS) 6.50.5.21",
"product": {
"name": "Axis Axis OS (Former LTS) 6.50.5.21",
"product_id": "T048454-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:%2528former_lts%2529__6.50.5.21"
}
}
},
{
"category": "product_version_range",
"name": "Active Track \u003c12.7.27",
"product": {
"name": "Axis Axis OS Active Track \u003c12.7.27",
"product_id": "T048455"
}
},
{
"category": "product_version",
"name": "Active Track 12.7.27",
"product": {
"name": "Axis Axis OS Active Track 12.7.27",
"product_id": "T048455-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:active_track__12.7.27"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2024 \u003c11.11.178",
"product": {
"name": "Axis Axis OS LTS 2024 \u003c11.11.178",
"product_id": "T048456"
}
},
{
"category": "product_version",
"name": "LTS 2024 11.11.178",
"product": {
"name": "Axis Axis OS LTS 2024 11.11.178",
"product_id": "T048456-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2024__11.11.178"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2022 \u003c10.12.306",
"product": {
"name": "Axis Axis OS LTS 2022 \u003c10.12.306",
"product_id": "T048457"
}
},
{
"category": "product_version",
"name": "LTS 2022 10.12.306",
"product": {
"name": "Axis Axis OS LTS 2022 10.12.306",
"product_id": "T048457-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2022__10.12.306"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2020 \u003c9.80.124",
"product": {
"name": "Axis Axis OS LTS 2020 \u003c9.80.124",
"product_id": "T048458"
}
},
{
"category": "product_version",
"name": "LTS 2020 9.80.124",
"product": {
"name": "Axis Axis OS LTS 2020 9.80.124",
"product_id": "T048458-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2020__9.80.124"
}
}
},
{
"category": "product_version_range",
"name": "LTS 2020 \u003c9.80.123",
"product": {
"name": "Axis Axis OS LTS 2020 \u003c9.80.123",
"product_id": "T048459"
}
},
{
"category": "product_version",
"name": "LTS 2020 9.80.123",
"product": {
"name": "Axis Axis OS LTS 2020 9.80.123",
"product_id": "T048459-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:lts_2020__9.80.123"
}
}
},
{
"category": "product_version_range",
"name": "(Former LTS) \u003c8.40.90",
"product": {
"name": "Axis Axis OS (Former LTS) \u003c8.40.90",
"product_id": "T048460"
}
},
{
"category": "product_version",
"name": "(Former LTS) 8.40.90",
"product": {
"name": "Axis Axis OS (Former LTS) 8.40.90",
"product_id": "T048460-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:%2528former_lts%2529__8.40.90"
}
}
},
{
"category": "product_version_range",
"name": "(Former LTS) \u003c6.50.5.22",
"product": {
"name": "Axis Axis OS (Former LTS) \u003c6.50.5.22",
"product_id": "T048461"
}
},
{
"category": "product_version",
"name": "(Former LTS) 6.50.5.22",
"product": {
"name": "Axis Axis OS (Former LTS) 6.50.5.22",
"product_id": "T048461-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:axis:axis_os:%2528former_lts%2529__6.50.5.22"
}
}
}
],
"category": "product_name",
"name": "Axis OS"
}
],
"category": "vendor",
"name": "Axis"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4645",
"product_status": {
"known_affected": [
"T048445"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-4645"
},
{
"cve": "CVE-2025-5452",
"product_status": {
"known_affected": [
"T048442"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-5452"
},
{
"cve": "CVE-2025-5454",
"product_status": {
"known_affected": [
"T048444"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-5454"
},
{
"cve": "CVE-2025-5718",
"product_status": {
"known_affected": [
"T048443"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-5718"
},
{
"cve": "CVE-2025-6298",
"product_status": {
"known_affected": [
"T048447"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-6298"
},
{
"cve": "CVE-2025-6571",
"product_status": {
"known_affected": [
"T048439",
"T048438"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-6571"
},
{
"cve": "CVE-2025-6779",
"product_status": {
"known_affected": [
"T048446"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-6779"
},
{
"cve": "CVE-2025-8108",
"product_status": {
"known_affected": [
"T048441"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-8108"
},
{
"cve": "CVE-2025-8998",
"product_status": {
"known_affected": [
"T048461",
"T048460",
"T048458",
"T048457",
"T048456",
"T048455"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-8998"
},
{
"cve": "CVE-2025-9055",
"product_status": {
"known_affected": [
"T048440"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-9055"
},
{
"cve": "CVE-2025-9524",
"product_status": {
"known_affected": [
"T048448",
"T048459",
"T048450",
"T048454",
"T048453",
"T048451"
]
},
"release_date": "2025-11-10T23:00:00.000+00:00",
"title": "CVE-2025-9524"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…